Wireless devices, such as mobile cell phones, may employ a subscriber identity module (SIM) which is used, among other things, to allow a network authentication unit to authenticate a cell phone before providing service to the cell phone. Subscriber identity modules may be in any suitable form including SIM cards, embedded SIM circuits, or any other suitable logic that provides the functions of a subscriber identity module. The SIM is typically issued by a network operator and includes, among other things, subscriber identification data unique to the subscriber unit, secret identification information securely stored in the SIM, and suitable cryptographic algorithms to generate a response in reply to an authentication challenge sent by the network prior to granting access to the system or access to other desired resources.
For example, the subscriber identity module (SIM) may be a smart chip card that contains a microprocessor chip and corresponding memory that stores unique subscriber identification information, including the subscriber telephone number and secret information, and is also used to store instant messages, phone lists, and other information in a secure manner as known in the art. As used herein, a SIM may also be considered a logical application running on a smart card or other processor. As such, the SIM provides secure storage of keys identifying a mobile phone service subscriber, and also of subscription information, preferences, text messages and other information. SIMs are used in many systems including Group Special Mobile System (GSM), UMTS systems and any other suitable wireless communication systems.
For example, an authentication unit in a network, which utilizes the same cryptographic algorithm as the SIM card, may generate a random challenge and send it to the wireless mobile device. In response, the wireless mobile device utilizes its secret data and the random challenge information from the network and generates a response using the cryptographic algorithm. The response or reply is then sent back to the network-based authentication unit. The network authentication unit locally generates an expected response using the challenge sent by the authentication unit as well as a locally stored copy of the secret information. If the received response from the wireless mobile device matches the locally generated expected response, then access is granted to the wireless mobile device to carry out the call or gain access to any other suitable resource.
It has been proposed to provide a technique so that a third party can authenticate to a wireless mobile device wherein the wireless mobile device uses its SIM-based challenge/reply technique. For example, if a third party other than the cellular operator wishes to provide information to a given wireless mobile unit, it has been proposed to allow the third party to send many random challenges and receive responses from the wireless mobile device for those challenges. The third party then stores the challenge/reply pairs and uses a stored challenge and its previously received reply to authenticate with the mobile device at a later date. Because the third party has already received a response to each challenge, when it later wishes to authenticate the mobile device it sends the same previously sent challenge and knows what response to expect, based on the response it got when it sent the challenge the first time. Accordingly, the same challenge is sent on more than one occasion. However, allowing a third party access to authenticate a wireless mobile device may not be desirable to a system operator.
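The two flows described above, as an added example that is not part of the original text: the operator's authentication unit verifies a reply by recomputing it from its copy of the secret, while the third party holds no secret and compares against challenge/reply pairs it stored earlier. HMAC-SHA256 stands in for the SIM's cryptographic algorithm, and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def sim_response(secret: bytes, challenge: bytes) -> bytes:
    # Stand-in for the SIM's algorithm (assumption): HMAC-SHA256 over the challenge.
    return hmac.new(secret, challenge, hashlib.sha256).digest()

class Sim:
    """Device side: holds the secret and answers any challenge it is given."""
    def __init__(self, secret: bytes):
        self._secret = secret
    def respond(self, challenge: bytes) -> bytes:
        return sim_response(self._secret, challenge)

class OperatorAuthUnit:
    """Network side: keeps a copy of the secret and computes the expected response."""
    def __init__(self, secret: bytes):
        self._secret = secret
    def authenticate(self, sim: Sim) -> bool:
        challenge = secrets.token_bytes(16)          # fresh random challenge each time
        expected = sim_response(self._secret, challenge)
        return hmac.compare_digest(sim.respond(challenge), expected)

class ThirdParty:
    """Holds no secret: only challenge/reply pairs collected earlier."""
    def __init__(self):
        self.pairs = {}
    def enroll(self, sim: Sim, count: int) -> None:
        for _ in range(count):
            challenge = secrets.token_bytes(16)
            self.pairs[challenge] = sim.respond(challenge)
    def authenticate(self, sim: Sim) -> bool:
        # Re-sends a previously used challenge and compares with the stored reply.
        challenge, stored = next(iter(self.pairs.items()))
        return hmac.compare_digest(sim.respond(challenge), stored)

def demo() -> dict:
    secret = secrets.token_bytes(16)                 # constructed sample secret
    genuine, other = Sim(secret), Sim(secrets.token_bytes(16))
    operator, third = OperatorAuthUnit(secret), ThirdParty()
    third.enroll(genuine, count=4)
    return {"operator": (operator.authenticate(genuine), operator.authenticate(other)),
            "third_party": (third.authenticate(genuine), third.authenticate(other)),
            "pairs_stored": len(third.pairs)}

if __name__ == "__main__":
    print(demo())
```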
Accordingly, a need exists for apparatus, systems and methods that can provide a suitable challenge/response authentication operation.